cookie-0006-API-add-cmd-sendMessage.patch

author: Philip Häusler <msquare@notrademark.de> 2014-01-05 19:34:17 +0100
committer: Philip Häusler <msquare@notrademark.de> 2014-01-05 19:34:17 +0100
commit: 6664433fabc8d2173c74c74bc30f569e68228fa2 (patch)
tree: 65c6d2d026a6b2f67539083de6656177cb98d3e7 /includes/model/Message_model.php
parent: 9dc5dbe3b6eacae5ea8dc335304edf7007d2ab57 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php
index 0141208b..d42dca5f 100644
--- a/includes/model/Message_model.php
+++ b/includes/model/Message_model.php
@@ -26,4 +26,26 @@ function mMessage($id) {
 	return null;
 }
 
+
+/**
+ * send message
+ *
+ * @param $id User ID of Reciever
+ * @param $text Text of Message
+ */
+function mMessage_Send($id, $text) {
+	global $user;
+	
+  $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));
+  $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags( $id));
+
+  if (($text != "" && is_numeric($to)) && 
+      (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) ) {
+    sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
+    return true;
+  } else {
+    return false;
+  }
+ }
+
 ?>
 \ No newline at end of file
author	Philip Häusler <msquare@notrademark.de>	2014-01-05 19:34:17 +0100
committer	Philip Häusler <msquare@notrademark.de>	2014-01-05 19:34:17 +0100
commit	6664433fabc8d2173c74c74bc30f569e68228fa2 (patch)
tree	65c6d2d026a6b2f67539083de6656177cb98d3e7 /includes/model/Message_model.php
parent	9dc5dbe3b6eacae5ea8dc335304edf7007d2ab57 (diff)